[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
FW: LDAP v3 authentication
Let's make sure PKIX requirements (assuming we have some) are input to
mailto:email@example.com Tel: (613) 247-3181
http://www.entrust.com Fax: (613) 247-3690
Orchestrating Enterprise Security
>Sent: December 5, 1997 9:23 AM
>Subject: LDAP is approved!
>After a long discussion, the IESG has decided to approve LDAPv3.
>That's good news - BUT:
>The IESG also requested (as you can see) that the spec be supplemented
>as soon as possible with a Proposed Standard for mandatory-to-implement
>authentication in LDAPv3, so that one could approach the prospect
>of an Internet-accessible read-write directory with a joyous heart
>rather than with trepidation and noninteroperability.
>Congratulations - and let's start working!
> Harald A
From: The IESG <firstname.lastname@example.org>
To: Unknown User <Unknown User>
Cc: RFC Editor <email@example.com>, Internet Architecture Board
<firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>
Subject: Protocol Action: Lightweight Directory Access Protocol (v3) to Proposed Standard
Date: Fri, 5 Dec 1997 08:14:50 -0500
Content-Type: text/plain; charset="us-ascii"
The IESG has approved the following Internet-Drafts as Proposed
o Lightweight Directory Access Protocol (v3)
o Lightweight Directory Access Protocol (v3): Attribute Syntax
o Lightweight Directory Access Protocol (v3): UTF-8 String
Representation of Distinguished Names
o The String Representation of LDAP Search Filters
o The LDAP URL Format <draft-ietf-asid-ldapv3-url-04.txt>
o A Summary of the X.500(96) User Schema for use with LDAPv3
These documents are the product of the Access, Searching and Indexing
of Directories Working Group. The IESG contact person(s) are Harald
Alvestrand & Keith Moore.
The protocol described in this document is designed to provide access
to directories supporting the X.500 models, while not incurring the
resource requirements of the X.500 Directory Access Protocol (DAP).
It is an improvement over the earlier LDAP version 2 that includes
consistent character set handling, cleaner security, the possibility
of handing back referrals to other servers, and extensibility.
Working Group Summary
The ASID WG had rough consensus on this set of documents, the
roughness being mostly in the area of what functionality to include
in or exclude from the core protocol.
There was consensus on the selection presented here.
The protocol has been reviewed for the IESG by Chris Weider and
Harald Alvestrand. Multiple implementations exist of both clients
Note To RFC Editor:
The IESG requests the following note be included:
IESG NOTE: This document describes a directory access protocol that
provides both read and update access. Update access requires secure
authentication, but this document does not mandate implementation
of any satisfactory authentication mechanisms.
In accordance with RFC 2026, section 4.4.1, this specification is
being approved by IESG as a Proposed Standard despite this limitation,
for the following reasons:
a. to encourage implementation and interoperability testing of
these protocols (with or without update access) before they
are deployed, and
b. to encourage deployment and use of these protocols in read-only
applications. (e.g. applications where LDAPv3 is used as
a query language for directories which are updated by some
secure mechanism other than LDAP), and
c. to avoid delaying the advancement and deployment of other Internet
standards-track protocols which require the ability to query, but
not update, LDAPv3 directory servers.
Readers are hereby warned that until mandatory authentication
mechanisms are standardized, clients and servers written according
to this specification which make use of update functionality are
UNLIKELY TO INTEROPERATE, or MAY INTEROPERATE ONLY IF AUTHENTICATION
IS REDUCED TO AN UNACCEPTABLY WEAK LEVEL.
Implementors are hereby discouraged from deploying LDAPv3 clients
or servers which implement the update functionality, until a
Proposed Standard for mandatory authentication in LDAPv3 has been
approved and published as an RFC.